parse error

longbow

[FONT=Arial]hey guys
im trying to get this login script to work but i am getting and error stating that :

Parse error: parse error, unexpected $end in E:\Apache2\htdocs\purple\logon.php on line 17

:glare::glare::glare:
this is my code any help?

<?php
$conn = mysql_connect("localhost", "longbow", "inserthere");
mysql_select_db("test",$conn);
$sql = "SELECT 'name' , 'pass' FROM 'jenn' WHERE 1 AND 'name' = '$POST[names]' AND 'pass' = '$POST[passs]";
$result = mysql_query($sql, $conn) or die(mysql_error());
while ($newArray = mysql_fetch_array($result)) {
$name2 = $newArray['name'];
$pass2 = $newArray['pass'];
if ($name == 1 AND $pass ==1)
{
echo "The ID is $id and the text is $testField <br>";
}
else
{
echo "sorry try again";
}
?>

Greatly apriciated (i think thats how its spelled.. :bemused: )
longbow[/FONT]

drew010

missing the } for the while loop. when you see unexpected $ it means that you are missing a } somewhere.

longbow

i c that would help... hmmm
thanks alot dude
but now im getting an error that is:

You have an error in your SQL syntax near ''jenn' WHERE 'name' = 'phil' AND 'pass' = 'phil' at line 1

any clue?
BTW if you cant tell im selceting this stuff from MySQL

drew010

table names and column names shouldnt be enclosed in the single quotes

$sql = "SELECT name , pass FROM jenn WHERE name = '{$POST['names']} AND pass = '{$POST['passs']}'";

planetsim

Is the WHERE 1 needed, probably not take it out and use the WHERE as if it where the AND

Just incase i confused

$sql = "SELECT 'name' , 'pass' FROM 'jenn' WHERE 'name' = '$_POST[names]' AND 'pass' = '$_POST[passs]'";

Secondly you dont seem to be validating that input im not going to tell you what you need to do there are a ton of posts on Input Validation, SQL Injections etc. Do a search to get an idea on what you need to do.

Finally to your error your using single quotes basically MySQL interprets this as a string, which cant be they need to be fields as the table name. The others are alright.

try this

$sql = "SELECT `name` , `pass` FROM `jenn` WHERE `name` = '".$_POST['names']."' AND `pass` = '".$_POST['passs']."'";

Notice that I used backticks instead of single quotes, not sure on other Databases but MySQL will assume that inbetween the backticks that its a field name. They are useful incase you have a field name that is actually a reserved word or keyword. A common one I find is using option as a field name.

longbow

ok now im up to here with the code. it works sort of if i dont put a password in but if i put a password in it says the else statement...

<?php
$conn = mysql_connect("localhost", "longbow", "inserthere");
mysql_select_db("test",$conn);
$sql = "SELECT name , pass FROM jenn WHERE name = '".$POST['names']."' AND pass = '".$POST['passs']."'";
$result = mysql_query($sql, $conn) or die(mysql_error());
while ($newArray = mysql_fetch_array($result)) {
$name2 = $newArray['name'];
$pass2 = $newArray['pass'];
$name1 = ( boolean ) $name2;
$name3 = gettype($name1);
$pass1 = ( boolean ) $pass2;
$pass3 = gettype($pass1);
if ($name3 === "1" AND $pass3 === "1")
{
print "hello <br>";
}
else
{
echo "sorry try again";
}}
?>

BTW i also put in a few boolean truth statements.. is it possible to get boolean out of text? or does it have to be integers only?

drew010

yeah you are able to use any data type for if statements.

if ($name == "drew")
if ($number == 540)
if ($flag == TRUE);

planetsim

longbow wrote:
ok now im up to here with the code. it works sort of if i dont put a password in but if i put a password in it says the else statement...

Well are you using md5 or an encyption function to deal with the password? Is there a password for that user? Like I said in my previous you really need to do some validation on that data.

longbow

there is no encryption at all and the table goes as is:

all in one table
ID Name Password
1 Name 1 password 1
2 name 2 password 2

Weedpacket

 $name3 = gettype($name1); 
...
$name3 === "1"

"1" is not a PHP variable type.

longbow

i know 1 is not a variable it is and integer but is it possible to take a alphabetiv value and use it as a boolean expresion so you can test it in a truth statement? as i have it layed out in the script

drew010

yes you can use strings in a boolean statement since its a php type.

if ("string" == "string") //this is true
if ("String" == "string") //this is false

$name = "drew010";
if ($name == "drew010") //this is true

longbow

but its going to have more than one value there may be more than 10 valuse that are going to be pulled from SQL
so how do i do it like that?